1. Field of the Invention
Embodiments of the present invention generally relate to identity security systems and, more particularly, to a method and apparatus for detecting suspicious login activity to provide a secure authentication process.
2. Description of the Related Art
With the development and progression of computers, people have become internet savvy and spend a significant amount of time browsing the Internet to communicate with other people (e.g., through instant messages and emails), conduct research (e.g., through educational websites, digital libraries and expert discussion forums), perform business applications. Such an increase in Internet usage has led more and more people to make transactions online (e.g., online securities trading and bank account management and/or the like).
While online transactions are easy and simple, people risk misappropriation of valuable credentials (e.g., a login id, a password, a credit card number and/or the like) from being stolen and/or misused. The people, using websites for online transactions, are often apprehensive about their genuineness and credibility. In most websites, users are recognized (e.g., based on a cookie and the like) before they login. As a result, the user's credentials are accessible to other illicit users, and hence, are at risk. As such, the illicit user can log on and misuse the user credentials. Consequently, authentication techniques are utilized to ensure protect legitimate users that conduct online transactions.
Current authentication techniques utilize an authentication user interface. But the authentication user interface is dumb and merely collects credentials and validates these credentials. Further, the current authentication techniques can not differentiate between authentic login activity and suspicious login activity made by the illicit user. In addition, the illicit user may steal and/or use a system file (e.g., a .crd file) provided by the identity provider and may try to pass through the authentication process to login to the website that is cookie enabled. In addition, the user may forget to delete credential information from the computer after making online transactions. The illicit user can take an advantage in the absence of the legitimate user.
Therefore, there is a need in the art for a method and apparatus for detecting suspicious login activity to provide a secure authentication process.